|
|
|
The tokens in the [kblaudit] section control the behaviour of the Keyboard Logger session tracking program.
Specifies the name of the Keyboard Logger backup audit log file.
Default: ACInstallDir/log/kbl.audit.bak
Specifies the group that can read the audit logs. If you set this token to none, only root can read the audit logs. CA Access Control does not verify the value of this token, so if you enter an invalid group name, CA Access Control does not assign any group permissions to the audit log files.
To change the group ownership of an existing audit log file, complete the following steps:
Use the selang command chgrp to set the group ownership of the files.
Change the UNIX permissions by entering the following command:
chmod 640 ACInstallDir/log/seos.audit
Default: none
Specifies the name of the Keyboard Logger audit log file.
Default: ACInstallDir/log/kbl.audit
Specifies the maximum number of audit log files to keep in backup mode. When reached, CA Access Control deletes the earliest backup file when the latest file is created.
Limits: a positive integer.
Default: 0
Note: When set to 0, CA Access Control accumulates backup files and does not delete earlier files.
Specifies the maximum size, in KB, of the audit log file.
Minimum value: 50 KB.
Default: 24000
Note: CA Access Control stops writing audit records to the audit file when the audit file size exceeds 2 GB.
Specifies the criterion by which CA Access Control backs up the audit log file, and if CA Access Control adds a timestamp to the backup file name.
CA Access Control always backs up the audit log file when it reaches the size specified in the audit_size configuration setting.
Values: none, yes, daily, weekly, monthly
Note: CA Access Control counts the specified interval from the time that it creates the first audit log file, and backs up the file at midnight on the appropriate day.
Example: The configuration setting has a value of weekly and CA Access Control creates the audit log file at 9:00 a.m. Friday 1 April. Many audit events occur this week and the audit log file exceeds the audit_size configuration setting on Monday 4 April. CA Access Control backs up the audit log file on 4 April and adds a timestamp to the backup file name. A week after the audit log file was first created, at midnight Friday 8 April, CA Access Control again backs up the audit log file and adds a timestamp to the backup file name.
Default: NONE
Specifies the link to the Keyboard Logger cmdlog binary file.
Default: /etc/AC
Specifies the name of the Keyboard Logger error log backup file.
Default: ACInstallDir/log/kbl.error.bak
Specifies the group that can read the error log files. If you set this token to none, only root can read the error log files. CA Access Control does not verify the value of this token, so if you enter an invalid group name, CA Access Control does not assign any group permissions to the error log files.
To change the group ownership of an existing error log file, complete the following steps:
Use the selang command chgrp to set the group ownership of the files.
Change the UNIX permissions by entering the following command:
chmod 640 ACInstallDir/log/seos.audit
Default: none
Specifies the name of the Keyboard Logger error log file.
Default: ACInstallDir/log/kbl.error
Defines the maximum size, in KB, of the error log file.
Limits: A minimum value of 50 KB.
Default: 500
Specifies whether the Keyboard Logger is enabled.
Values: yes, no
Default: no
Specifies the user session inactivity interval, in seconds, after which the printable logged data is stored in the kbl audit file. Set the token to 0 to disable.
Default: 30
Specifies whether seosd activates trace on session and sends user activity data to the Keyboard Logger.
Values: yes, no
Default: yes
Specifies the name of the operating system shells file.
Default: /etc/shells
Specifies the socket name for the Keyboard Logger audit manager.
Default: ACInstallDir/kblserver
| Copyright © 2012 CA. All rights reserved. |
|